[users@httpd] CVE-2017-7679: mod_mime buffer overread

2017-06-19 Jacob Champion
CVE-2017-7679: mod_mime buffer overread
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
  httpd 2.2.0 to 2.2.32
  httpd 2.4.0 to 2.4.25
Description: mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

[users@httpd] CVE-2017-3169: mod_ssl null pointer dereference

2017-06-19 Jacob Champion
CVE-2017-3169: mod_ssl null pointer dereference
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
  httpd 2.2.0 to 2.2.32
  httpd 2.4.0 to 2.4.25
Description: mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an

[users@httpd] CVE-2017-7668: ap_find_token buffer overread

2017-06-19 Jacob Champion
CVE-2017-7668: ap_find_token buffer overread
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
  httpd 2.2.32
  httpd 2.4.24 (unreleased)
  httpd 2.4.25
Description: The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which

[users@httpd] CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

2017-06-19 Jacob Champion
CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
  httpd 2.2.0 to 2.2.32
  httpd 2.4.0 to 2.4.25
Description: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may

RE: [users@httpd] Building httpd2.4.25 on powerpc-ibm-aix7.1.0.0

2017-06-19 Joseph, Anselm
Hi Eric et al., I built apache and I am able to successfully reach the url from Firefox: "It works". However, when I run ./davautocheck.sh from ~/ci/subversion/subversion/tests/cmdline, it finds apxs but generates this error: davautocheck.sh: Using '~/ci/httpd-2.4.25/apache/bin/apxs'... Use

[users@httpd] check_forensic script on Red Hat?

2017-06-19 Rose, John B
Does check_forensic still exist? I am not finding it.

[users@httpd] CVE-2017-7659: mod_http2 null pointer dereference

2017-06-19 Jim Jagielski
CVE-2017-7659: mod_http2 null pointer dereference
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
  httpd 2.4.24 (unreleased)
  httpd 2.4.25
Description: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server

[users@httpd] [ANNOUNCE] Apache HTTP Server 2.4.26 Released

2017-06-19 Jim Jagielski
Apache HTTP Server 2.4.26 Released
June 19, 2017
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.26 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the